Some of my talks

Mac-A-Mal An Automated Platform for Mac Malware Hunting

Black Hat Asia 2018

As Mac systems grow in popularity, so does macOS malware, whilst macOS malware analysis still lags behind, particularly when dealing with malicious behaviors in user space. To address this shortcoming, we have come up with a macOS analyzer for malware, Mac-A-Mal: a system for behavioral monitoring of components at kernel level which allows analysts to automatically investigate malware on macOS, broadly extending what is available today with Cuckoo sandbox. Full Abstract & Presentation Materials

When Electromagnetic Signals Reveal Obfuscated Malware-Deep and Machine Learning Use cases

SemSecuElec, DGA-MI. October 22, 2021

The Internet of Things (IoT) is made up of devices that are growing exponentially in number and in complexity. They use plentiful customized firmware and hardware, ignoring potential security issues, which makes them a perfect victim for cybercriminals, especially malware authors. We described a new usage of side-channel information to identify threats that are targeting the device. Using our approach, a malware analyst is able to obtain accurate knowledge of malware type and identity, even in the presence of obfuscation techniques which may prevent static or symbolic binary analysis. We captured 100,000 leakage traces from an IoT device infected by various representative in-the-wild malware samples and running realistic benign activity. Our technique does not need to modify the target device. Thus, it can be deployed independently of the resources available, without any overhead. Moreover, our approach has the advantage that it can hardly be detected and evaded by malware authors. In our experiments, we were able to classify three generic malware types (and one benign class) with an accuracy of 99.82%. Furthermore, we show that our solution can classify altered malware samples with obfuscation techniques unseen during the training phase, and can determine what kind of obfuscations were applied to the binary, which makes our approach particularly useful for malware analysts. Video

Malware classification using EM leakages

Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), Oct. 2021


Electromagnetic Side-Channel Analysis for Obfuscated Malware classification

Israeli Conference on Hardware and Side-Channel Attacks (ICHSA) 2021

macOS malware analyzer

Trend Micro global internal meeting (09/2017)